-- =========================================================================
|
|
-- Copyright (c) 2010-2014 Hewlett-Packard Development Company, L.P.
|
|
--
|
|
-- Description: Secure Shell(SSH) MIB
|
|
-- Reference: draft-ylonen-ssh-protocol-00.txt
|
|
-- Version: V1.2
|
|
-- History:
|
|
-- V1.0 2007-11-19 created by ZhangJun 03132
|
|
-- Initial version.
|
|
-- V1.1 2013-12-21 add enum value scp(5) in hpnicfSSHUserServiceType by DaiRuiqiang 04358.
|
|
-- V1.2 2014-01-17 add enum value scp(4) in hpnicfSSHSessionServiceType by DaiRuiqiang 04358.
|
|
-- 2014-02-20 add hpnicfSCPServerEnable and hpnicfSTelnetServerEnable by DaiRuiqiang 04358.
|
|
-- =========================================================================
|
|
HPN-ICF-SSH-MIB DEFINITIONS ::= BEGIN
|
|
|
|
IMPORTS
|
|
hpnicfCommon
|
|
FROM HPN-ICF-OID-MIB
|
|
Integer32, OBJECT-TYPE, MODULE-IDENTITY, NOTIFICATION-TYPE
|
|
FROM SNMPv2-SMI
|
|
InetAddressType, InetAddress
|
|
FROM INET-ADDRESS-MIB
|
|
DisplayString, RowStatus
|
|
FROM SNMPv2-TC;
|
|
|
|
hpnicfSSH MODULE-IDENTITY
|
|
LAST-UPDATED "201402200000Z"
|
|
ORGANIZATION
|
|
""
|
|
CONTACT-INFO
|
|
""
|
|
DESCRIPTION
|
|
"This MIB is used to configure the SSH server."
|
|
REVISION "201402200000Z"
|
|
DESCRIPTION
|
|
"Add hpnicfSCPServerEnable and hpnicfSTelnetServerEnable."
|
|
REVISION "201401170000Z"
|
|
DESCRIPTION
|
|
"Add enum value scp(4) in hpnicfSSHSessionServiceType."
|
|
REVISION "201312210000Z"
|
|
DESCRIPTION
|
|
"Add enum value scp(5) in hpnicfSSHUserServiceType."
|
|
REVISION "200711190000Z"
|
|
DESCRIPTION
|
|
"The initial version."
|
|
::= { hpnicfCommon 22 }
|
|
|
|
--
|
|
-- Node definitions
|
|
--
|
|
-- Scalar MIB objects are defined in this section.
|
|
hpnicfSSHServerMIB OBJECT IDENTIFIER ::= { hpnicfSSH 1 }
|
|
|
|
hpnicfSSHServerMIBObjects OBJECT IDENTIFIER ::= { hpnicfSSHServerMIB 1 }
|
|
|
|
-- Scalar MIB objects, which are considered as global variables
|
|
-- to SSH server, are defined in this section.
|
|
hpnicfSSHServerGlobalConfig OBJECT IDENTIFIER ::= { hpnicfSSHServerMIBObjects 1 }
|
|
|
|
hpnicfSSHServerVersion OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The protocol version of the SSH server."
|
|
::= { hpnicfSSHServerGlobalConfig 1 }
|
|
|
|
-- Security note: setting this object to enableCompatibleSSH1x(1) makes the
-- server compatible with SSH 1.x peers. SSH 1.x is obsolete and has known
-- cryptographic weaknesses, so disableCompatibleSSH1x(2) is the value to
-- audit for. The object is read-write: any principal with SNMP write access
-- to it can turn the legacy protocol back on, so restrict that access.
hpnicfSSHServerCompatibleSSH1x OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
enableCompatibleSSH1x(1),
|
|
disableCompatibleSSH1x(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Supporting compatibility with SSH versions 1.x. It is
|
|
known that there are still devices using the previous
|
|
versions. During the transition period, it is important to
|
|
be able to work in a way that is compatible with the
|
|
installed SSH clients and servers that use the older version
|
|
of the protocol."
|
|
::= { hpnicfSSHServerGlobalConfig 2 }
|
|
|
|
-- Interval, in hours, at which the SSH server key is regenerated.
-- SYNTAX is a bare Integer32 with no range clause, so the accepted values
-- are whatever the agent enforces. NOTE(review): confirm the valid range
-- and whether any value turns regeneration off.
hpnicfSSHServerRekeyInterval OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The time interval of regenerating SSH server key. The unit
|
|
is hour."
|
|
::= { hpnicfSSHServerGlobalConfig 3 }
|
|
|
|
hpnicfSSHServerAuthRetries OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The maximum number of times a specified user can retry."
|
|
::= { hpnicfSSHServerGlobalConfig 4 }
|
|
|
|
-- Authentication timeout in seconds: the server disconnects a client whose
-- authentication has not been accepted within this period, which bounds how
-- long an unauthenticated connection can stay open. No range clause is
-- declared. NOTE(review): confirm the limits the agent enforces.
hpnicfSSHServerAuthTimeout OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The SSH server has a timeout for authentication and
|
|
disconnect if the authentication has not been accepted
|
|
within the timeout period. The unit is second."
|
|
::= { hpnicfSSHServerGlobalConfig 5 }
|
|
|
|
hpnicfSFTPServerIdleTimeout OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The SFTP server has a timeout for idle connection if a user
|
|
has no activities within the timeout period. The unit is
|
|
minute."
|
|
::= { hpnicfSSHServerGlobalConfig 6 }
|
|
|
|
-- Read-write switch for the SSH server function: enableSSHServer(1) or
-- disableSSHServer(2). Because it is writable over SNMP, write access to
-- this object amounts to control over whether the SSH service runs; grant
-- it only to trusted management principals.
hpnicfSSHServerEnable OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
enableSSHServer(1),
|
|
disableSSHServer(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Enable SSH server function."
|
|
::= { hpnicfSSHServerGlobalConfig 7 }
|
|
|
|
-- Read-write switch for the SFTP server function: enableSFTPService(1) or
-- disableSFTPService(2). An SNMP write to this object can expose or withdraw
-- file transfer access, so it belongs in the same restricted write view as
-- the other service switches in this group.
hpnicfSFTPServerEnable OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
enableSFTPService(1),
|
|
disableSFTPService(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Enable SFTP server function."
|
|
::= { hpnicfSSHServerGlobalConfig 8 }
|
|
|
|
-- Read-write switch for the STelnet server function: enableSTelnetServer(1)
-- or disableSTelnetServer(2). Added in the 2014-02-20 revision of this
-- module. An SNMP write to this object can open or close remote terminal
-- access, so restrict write access to trusted management principals.
hpnicfSTelnetServerEnable OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
enableSTelnetServer(1),
|
|
disableSTelnetServer(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Enable STelnet server function."
|
|
::= { hpnicfSSHServerGlobalConfig 9 }
|
|
|
|
-- Read-write switch for the SCP server function: enableSCPService(1) or
-- disableSCPService(2). Added in the 2014-02-20 revision of this module.
-- An SNMP write to this object can expose or withdraw file copy access, so
-- restrict write access to trusted management principals.
hpnicfSCPServerEnable OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
enableSCPService(1),
|
|
disableSCPService(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Enable SCP server function."
|
|
::= { hpnicfSSHServerGlobalConfig 10 }
|
|
|
|
-- SSH users are defined in this section.
|
|
hpnicfSSHUserConfig OBJECT IDENTIFIER ::= { hpnicfSSHServerMIBObjects 2 }
|
|
|
|
-- Define a group which consists of all objects used for users.
|
|
-- Conceptual table of SSH users, indexed by hpnicfSSHUserName. Its data
-- columns are read-create and rows are installed and removed through
-- hpnicfSSHUserRowStatus, so SSH users can be created, changed and deleted
-- over SNMP. Write access to this table should be treated as account
-- administration rights and audited as such.
hpnicfSSHUserConfigTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF HpnicfSSHUserConfigEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table for managing SSH users."
|
|
::= { hpnicfSSHUserConfig 1 }
|
|
|
|
hpnicfSSHUserConfigEntry OBJECT-TYPE
|
|
SYNTAX HpnicfSSHUserConfigEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"SSH users configuration entry."
|
|
INDEX
|
|
{
|
|
hpnicfSSHUserName
|
|
}
|
|
::= { hpnicfSSHUserConfigTable 1 }
|
|
|
|
HpnicfSSHUserConfigEntry ::= SEQUENCE
|
|
{
|
|
hpnicfSSHUserName DisplayString,
|
|
hpnicfSSHUserServiceType INTEGER,
|
|
hpnicfSSHUserAuthType INTEGER,
|
|
hpnicfSSHUserPublicKeyName DisplayString,
|
|
hpnicfSSHUserWorkDirectory DisplayString,
|
|
hpnicfSSHUserRowStatus RowStatus
|
|
}
|
|
|
|
hpnicfSSHUserName OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The name of SSH user."
|
|
::= { hpnicfSSHUserConfigEntry 1 }
|
|
|
|
hpnicfSSHUserServiceType OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
invalid(1),
|
|
all(2),
|
|
stelnet(3),
|
|
sftp(4),
|
|
scp(5)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The service type that the SSH user uses."
|
|
DEFVAL { invalid }
|
|
::= { hpnicfSSHUserConfigEntry 2 }
|
|
|
|
-- Authentication type configured for the SSH user. DEFVAL is invalid(1).
-- NOTE(review): the labels suggest any(4) accepts either a password or a
-- public key while publicKeyPassword(5) requires both; this module does not
-- say so, confirm against the device documentation. If that reading holds,
-- password(2) and any(4) are the values that permit password-only logins
-- and are the ones to look for when auditing user rows.
hpnicfSSHUserAuthType OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
invalid(1),
|
|
password(2),
|
|
publicKey(3),
|
|
any(4),
|
|
publicKeyPassword(5)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The authentication type of SSH user chooses."
|
|
DEFVAL { invalid }
|
|
::= { hpnicfSSHUserConfigEntry 3 }
|
|
|
|
-- Despite the DESCRIPTION wording, the object name and DisplayString syntax
-- indicate this column holds the name of a public key rather than key
-- material. NOTE(review): confirm where the named key itself is configured
-- and what happens when the name does not resolve. DEFVAL is the empty
-- string.
hpnicfSSHUserPublicKeyName OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The public key which is used for authentication."
|
|
DEFVAL { "" }
|
|
::= { hpnicfSSHUserConfigEntry 4 }
|
|
|
|
-- Work directory for the user's SFTP use. DEFVAL is the empty string.
-- NOTE(review): the DESCRIPTION does not say whether the user is confined
-- to this directory or whether the agent validates the path written here;
-- confirm both before treating the value as an access boundary.
hpnicfSSHUserWorkDirectory OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The SFTP user's work directory associates with an existing user."
|
|
DEFVAL { "" }
|
|
::= { hpnicfSSHUserConfigEntry 5 }
|
|
|
|
|
|
hpnicfSSHUserRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The row status variable, used in accordance with installation
|
|
and removal conventions for conceptual rows.
|
|
|
|
When 'hpnicfSSHUserRowStatus' is set to active(1), no objects
|
|
in this table can be modified.
|
|
|
|
When 'hpnicfSSHUserRowStatus' is set to notInService(2), every object
|
|
except the 'hpnicfSSHUserName' object in this table can be modified.
|
|
|
|
To create a row in this table, a manager must set this object
|
|
to createAndGo(4). Until instances of all corresponding columns
|
|
are appropriately configured, the value of the corresponding
|
|
instance of the hpnicfSSHUserRowStatus column is 'notReady'."
|
|
::= { hpnicfSSHUserConfigEntry 6 }
|
|
|
|
-- Define a group which consists of all objects used for sessions.
|
|
hpnicfSSHSessionInfoTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF HpnicfSSHSessionInfoEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table for SSH sessions."
|
|
::= { hpnicfSSHServerMIBObjects 3 }
|
|
|
|
hpnicfSSHSessionInfoEntry OBJECT-TYPE
|
|
SYNTAX HpnicfSSHSessionInfoEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The SSH session information entry."
|
|
INDEX
|
|
{
|
|
hpnicfSSHSessionID
|
|
}
|
|
::= { hpnicfSSHSessionInfoTable 1 }
|
|
|
|
HpnicfSSHSessionInfoEntry ::= SEQUENCE
|
|
{
|
|
hpnicfSSHSessionID Integer32,
|
|
hpnicfSSHSessionUserName DisplayString,
|
|
hpnicfSSHSessionUserIpAddrType InetAddressType,
|
|
hpnicfSSHSessionUserIpAddr InetAddress,
|
|
hpnicfSSHSessionClientVersion DisplayString,
|
|
hpnicfSSHSessionServiceType INTEGER,
|
|
hpnicfSSHSessionEncry INTEGER,
|
|
hpnicfSSHSessionState INTEGER
|
|
}
|
|
|
|
hpnicfSSHSessionID OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The identifier of SSH session."
|
|
::= { hpnicfSSHSessionInfoEntry 1 }
|
|
|
|
hpnicfSSHSessionUserName OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The user name of SSH session."
|
|
::= { hpnicfSSHSessionInfoEntry 2 }
|
|
|
|
hpnicfSSHSessionUserIpAddrType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The user IP address type of SSH session."
|
|
::= { hpnicfSSHSessionInfoEntry 3 }
|
|
|
|
hpnicfSSHSessionUserIpAddr OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The user IP address of SSH session."
|
|
::= { hpnicfSSHSessionInfoEntry 4 }
|
|
|
|
-- Read-only client version reported for the session. Polling this column
-- is a way to find sessions from clients still on older protocol versions,
-- for example before setting hpnicfSSHServerCompatibleSSH1x to
-- disableCompatibleSSH1x(2). NOTE(review): the string format (protocol
-- version only, or the full client identification string) is not specified
-- in this module.
hpnicfSSHSessionClientVersion OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The client version of SSH session. It is known that there are still
|
|
devices using the previous versions."
|
|
::= { hpnicfSSHSessionInfoEntry 5 }
|
|
|
|
hpnicfSSHSessionServiceType OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
invalid(1),
|
|
stelnet(2),
|
|
sftp(3),
|
|
scp(4)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The service type of SSH session."
|
|
::= { hpnicfSSHSessionInfoEntry 6 }
|
|
|
|
-- Read-only encryption algorithm of the session. Only three CBC-mode
-- ciphers are enumerated: aes128CBC(2), desCBC(3) and des3CBC(4).
-- desCBC(3) is single DES with a 56-bit key and is not among the ciphers
-- listed in RFC 4253 section 6.3; sessions reporting it are worth flagging
-- in an audit. NOTE(review): how a session using a cipher outside this
-- enumeration is reported is not stated here, presumably as invalid(1).
hpnicfSSHSessionEncry OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
invalid(1),
|
|
aes128CBC(2),
|
|
desCBC(3),
|
|
des3CBC(4)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The encryption algorithm of SSH session. There are several encryption
|
|
algorithms used in SSH protocol, please refer to RFC4253 Section 6.3."
|
|
::= { hpnicfSSHSessionInfoEntry 7 }
|
|
|
|
hpnicfSSHSessionState OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
init(1),
|
|
verExchange(2),
|
|
keysExchange(3),
|
|
authRequest(4),
|
|
serviceRequest(5),
|
|
established(6),
|
|
disconnect(7)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The status of SSH session.
|
|
init : This session is in initial status.
|
|
verExchange : This session is in version exchanging.
|
|
keysExchange : This session is in keys exchanging.
|
|
authRequest : This session is in authentication requesting.
|
|
serviceRequest : This session is in service requesting.
|
|
established : This session has been established.
|
|
disconnect : This session has been disconnected."
|
|
::= { hpnicfSSHSessionInfoEntry 8 }
|
|
|
|
|
|
-- Define a group which consists of all objects used for trap.
|
|
hpnicfSSHServerObjForTrap OBJECT IDENTIFIER ::= { hpnicfSSHServerMIB 2 }
|
|
|
|
-- Trap-only object (accessible-for-notify), carried by
-- hpnicfSSHUserAuthFailure. The DESCRIPTION calls the peer an attacker, but
-- the object identifies whoever made the failed login attempt, which
-- includes legitimate users who mistype credentials. The value presumably
-- originates from the remote client, so trap receivers should treat it as
-- untrusted text and escape it before logging or display.
hpnicfSSHAttemptUserName OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The user name of the attacker who attempted to log in."
|
|
::= { hpnicfSSHServerObjForTrap 1 }
|
|
|
|
hpnicfSSHAttemptIpAddrType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The IP address type of the attacker who attempted to log in."
|
|
::= { hpnicfSSHServerObjForTrap 2 }
|
|
|
|
hpnicfSSHAttemptIpAddr OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The IP address of the attacker who attempted to log in."
|
|
::= { hpnicfSSHServerObjForTrap 3 }
|
|
|
|
hpnicfSSHUserAuthFailureReason OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
exceedRetries(1),
|
|
authTimeout(2),
|
|
otherReason(3)
|
|
}
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The reason why a user failed to log in."
|
|
::= { hpnicfSSHServerObjForTrap 4 }
|
|
|
|
--
|
|
-- Notification definitions
|
|
--
|
|
-- =================================================================
|
|
-- Traps are defined below.
|
|
hpnicfSSHServerNotifications OBJECT IDENTIFIER ::= { hpnicfSSHServerMIB 3 }
|
|
|
|
-- All trap definitions should be placed under this object.
|
|
hpnicfSSHServerNotificationsPrefix OBJECT IDENTIFIER ::= { hpnicfSSHServerNotifications 0 }
|
|
|
|
-- All objects used for TRAP only are defined here.
|
|
-- Sent when a user fails SSH authentication. The varbinds give the
-- attempted user name, the source address (type and value) and the failure
-- reason: exceedRetries(1), authTimeout(2) or otherReason(3). Repeated
-- traps from one address, or against one user name, are a usable signal
-- for detecting password guessing. The user name varbind should be handled
-- as untrusted text by the trap receiver.
hpnicfSSHUserAuthFailure NOTIFICATION-TYPE
|
|
OBJECTS
|
|
{
|
|
hpnicfSSHAttemptUserName,
|
|
hpnicfSSHAttemptIpAddrType,
|
|
hpnicfSSHAttemptIpAddr,
|
|
hpnicfSSHUserAuthFailureReason
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The trap is generated when a user fails to authentication."
|
|
::= { hpnicfSSHServerNotificationsPrefix 1 }
|
|
|
|
-- Sent when SSH protocol version negotiation fails. Only the peer address
-- (type and value) is reported; there is no user name varbind. In
-- hpnicfSSHSessionState, verExchange(2) is listed before authRequest(4).
-- NOTE(review): such failures may come from clients limited to a protocol
-- version the server does not accept or from non-SSH probes; correlate by
-- source address before drawing conclusions.
hpnicfSSHVersionNegotiationFailure NOTIFICATION-TYPE
|
|
OBJECTS
|
|
{
|
|
hpnicfSSHAttemptIpAddrType,
|
|
hpnicfSSHAttemptIpAddr
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The trap is generated when a user fails to negotiate SSH
|
|
protocol version."
|
|
::= { hpnicfSSHServerNotificationsPrefix 2 }
|
|
|
|
-- Sent on successful login, carrying the user name and source address
-- columns of the session table. hpnicfSSHSessionID is not listed among the
-- OBJECTS, so matching a login to a later hpnicfSSHUserLogoff trap relies
-- on user name and address. NOTE(review): the varbind instance identifiers
-- may carry the session index; confirm against agent behaviour.
hpnicfSSHUserLogin NOTIFICATION-TYPE
|
|
OBJECTS
|
|
{
|
|
hpnicfSSHSessionUserName,
|
|
hpnicfSSHSessionUserIpAddrType,
|
|
hpnicfSSHSessionUserIpAddr
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The trap is generated when a user logs in successfully."
|
|
::= { hpnicfSSHServerNotificationsPrefix 3 }
|
|
|
|
-- Sent when a user logs off, with the same three varbinds as
-- hpnicfSSHUserLogin (user name, address type, address). No logoff reason
-- and no session identifier are listed among the OBJECTS, so session
-- duration has to be derived by pairing this trap with the matching login
-- trap on user name and address.
hpnicfSSHUserLogoff NOTIFICATION-TYPE
|
|
OBJECTS
|
|
{
|
|
hpnicfSSHSessionUserName,
|
|
hpnicfSSHSessionUserIpAddrType,
|
|
hpnicfSSHSessionUserIpAddr
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The trap is generated when a user logs off."
|
|
::= { hpnicfSSHServerNotificationsPrefix 4 }
|
|
|
|
END
|